FAQ---SSH/telnet login on the FAT AP is not possible from the wireless side

Publication Date: 2016-08-31Views: 1810Downloads: 0

Issue Description

Scenario:

The administrator of the WLAN network described in Figure 1 requires
management access from the wireless side.The FAT AP has been configured to allow ssh/telnet access for the admin
user and the ssh connection is successful when is initiated from the wired side
of the network.

When the SSH connection is initiated from the STA connected to the Wi-Fi, the connection times out “port 22: Connection timed out”.

Figure 1 WLAN service configuration
networking on a small-scale network

By design, The AP does not allow ssh/telnet management
connections from the wireless side due to security reasons.

The AP offers the alternative to configure a new
VAP on the AP which will allow only management access as telnet/ssh. The configuration can be made by using
the type ap-management command in the service-set view to change the type of the service set for management ( vap-profile in V2R6
version or later)

Note that in the case where a vap is
configured for AP management, the STAs that will connect to the new VAP will
only have access to the AP management but not to the network resources.

Example

# Create a new VAP for a SSID “management” which will allow
only AP management